Link List

Sponsored by..

Friday, 20 June 2014

"2014_06rechnung_0724300002_sign.zip" spam

I don't have a sample of the German-language spam spreading this attack, but it is similar to this one and it entices the victim to download a ZIP file from [donotclick]officialdund.co.uk/wp-content/themes/officialdund/mobilfunktelekom/2014_06rechnung_0724300002_sign.zip

Inside the ZIP file is a malicious executable 2014_06rechnung_0724300002_pdf_sign_telekomag_deutschland_gmbh.exe which has a very low VirusTotal detection rate of just 1/54. The Malwr report shows that it downloads a further executable rqvupdate.exe [Malwr report] which phones home to 204.93.183.196 (Server Central, US) and has a VT detection rate of just 2/52.